CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-4841

The Feeds for YouTube for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube-feed' shortcode in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 27.7%

CVSS Severity

CVSS v3 Score 6.4

References

Products affected by CVE-2023-4841

Smashballoon » Feeds For Youtube » Version: N/A

cpe:2.3:a:smashballoon:feeds_for_youtube:-
Smashballoon » Feeds For Youtube » Version: 1.0

cpe:2.3:a:smashballoon:feeds_for_youtube:1.0
Smashballoon » Feeds For Youtube » Version: 1.0.1

cpe:2.3:a:smashballoon:feeds_for_youtube:1.0.1
Smashballoon » Feeds For Youtube » Version: 1.0.2

cpe:2.3:a:smashballoon:feeds_for_youtube:1.0.2
Smashballoon » Feeds For Youtube » Version: 1.0.3

cpe:2.3:a:smashballoon:feeds_for_youtube:1.0.3
Smashballoon » Feeds For Youtube » Version: 1.1

cpe:2.3:a:smashballoon:feeds_for_youtube:1.1
Smashballoon » Feeds For Youtube » Version: 1.1.1

cpe:2.3:a:smashballoon:feeds_for_youtube:1.1.1
Smashballoon » Feeds For Youtube » Version: 1.2

cpe:2.3:a:smashballoon:feeds_for_youtube:1.2
Smashballoon » Feeds For Youtube » Version: 1.2.1

cpe:2.3:a:smashballoon:feeds_for_youtube:1.2.1
Smashballoon » Feeds For Youtube » Version: 1.2.2

cpe:2.3:a:smashballoon:feeds_for_youtube:1.2.2
Smashballoon » Feeds For Youtube » Version: 1.2.3

cpe:2.3:a:smashballoon:feeds_for_youtube:1.2.3
Smashballoon » Feeds For Youtube » Version: 1.2.4

cpe:2.3:a:smashballoon:feeds_for_youtube:1.2.4
Smashballoon » Feeds For Youtube » Version: 1.3

cpe:2.3:a:smashballoon:feeds_for_youtube:1.3
Smashballoon » Feeds For Youtube » Version: 1.4

cpe:2.3:a:smashballoon:feeds_for_youtube:1.4
Smashballoon » Feeds For Youtube » Version: 1.4.2

cpe:2.3:a:smashballoon:feeds_for_youtube:1.4.2
Smashballoon » Feeds For Youtube » Version: 1.4.3

cpe:2.3:a:smashballoon:feeds_for_youtube:1.4.3
Smashballoon » Feeds For Youtube » Version: 1.4.4

cpe:2.3:a:smashballoon:feeds_for_youtube:1.4.4
Smashballoon » Feeds For Youtube » Version: 1.4.5

cpe:2.3:a:smashballoon:feeds_for_youtube:1.4.5
Smashballoon » Feeds For Youtube » Version: 2.0

cpe:2.3:a:smashballoon:feeds_for_youtube:2.0
Smashballoon » Feeds For Youtube » Version: 2.0.1

cpe:2.3:a:smashballoon:feeds_for_youtube:2.0.1
Smashballoon » Feeds For Youtube » Version: 2.0.2

cpe:2.3:a:smashballoon:feeds_for_youtube:2.0.2
Smashballoon » Feeds For Youtube » Version: 2.0.3

cpe:2.3:a:smashballoon:feeds_for_youtube:2.0.3
Smashballoon » Feeds For Youtube » Version: 2.0.4

cpe:2.3:a:smashballoon:feeds_for_youtube:2.0.4
Smashballoon » Feeds For Youtube » Version: 2.0.5

cpe:2.3:a:smashballoon:feeds_for_youtube:2.0.5
Smashballoon » Feeds For Youtube » Version: 2.0.6

cpe:2.3:a:smashballoon:feeds_for_youtube:2.0.6
Smashballoon » Feeds For Youtube » Version: 2.0.7

cpe:2.3:a:smashballoon:feeds_for_youtube:2.0.7
Smashballoon » Feeds For Youtube » Version: 2.1

cpe:2.3:a:smashballoon:feeds_for_youtube:2.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-4841

Products

Pricing

Contact Us